Help! Hit by http://cn.daxia123.cn/cn.js: an intrusion, or a virus or attack

Re: Help! Hit by http://cn.daxia123.cn/cn.js: an intrusion, or a virus or attack

My urlscan.ini settings look like this:
[options]

UseAllowVerbs=1                ; If 1, use [AllowVerbs] section, else use the
                              ; [DenyVerbs] section.

UseAllowExtensions=0          ; If 1, use [AllowExtensions] section, else use
                              ; the [DenyExtensions] section.

NormalizeUrlBeforeScan=1      ; If 1, canonicalize URL before processing.

VerifyNormalization=1          ; If 1, canonicalize URL twice and reject request
                              ; if a change occurs.

AllowHighBitCharacters=0      ; If 1, allow high bit (ie. UTF8 or MBCS)
                              ; characters in URL.

AllowDotInPath=0              ; If 1, allow dots that are not file extensions.

RemoveServerHeader=0          ; If 1, remove the 'Server' header from response.

EnableLogging=1                ; If 1, log UrlScan activity.

PerProcessLogging=0            ; If 1, the UrlScan.log filename will contain a PID
                              ; (ie. UrlScan.123.log).

AllowLateScanning=0            ; If 1, then UrlScan will load as a low priority
                              ; filter.

PerDayLogging=1                ; If 1, UrlScan will produce a new log each day with
                              ; activity in the form 'UrlScan.010101.log'.

UseFastPathReject=0            ; If 1, then UrlScan will not use the
                              ; RejectResponseUrl or allow IIS to log the request.

LogLongUrls=0                  ; If 1, then up to 128K per request can be logged.
                              ; If 0, then only 1k is allowed.

;
; If UseFastPathReject is 0, then UrlScan will send
; rejected requests to the URL specified by RejectResponseUrl.
; If not specified, '/<Rejected-by-UrlScan>' will be used.
;

RejectResponseUrl=

;
; LoggingDirectory can be used to specify the directory where the
; log file will be created.  This value should be the absolute path
; (ie. c:\some\path).  If not specified, then UrlScan will create
; the log in the same directory where the UrlScan.dll file is located.
;

LoggingDirectory=G:\WINNT\system32\inetsrv\urlscan\logs

;
; If RemoveServerHeader is 0, then AlternateServerName can be
; used to specify a replacement for IIS's built in 'Server' header
;

AlternateServerName=

[RequestLimits]

;
; The entries in this section impose limits on the length
; of allowed parts of requests reaching the server.
;
; It is possible to impose a limit on the length of the
; value of a specific request header by prepending "Max-" to the
; name of the header.  For example, the following entry would
; impose a limit of 100 bytes to the value of the
; 'Content-Type' header:
;
;  Max-Content-Type=100
;
; To list a header and not specify a maximum value, use 0
; (ie. 'Max-User-Agent=0').  Also, any headers not listed
; in this section will not be checked for length limits.
;
; There are 3 special case limits:
;
;  - MaxAllowedContentLength specifies the maximum allowed
;    numeric value of the Content-Length request header.  For
;    example, setting this to 1000 would cause any request
;    with a content length that exceeds 1000 to be rejected.
;    The default is 30000000.
;
;  - MaxUrl specifies the maximum length of the request URL,
;    not including the query string. The default is 260 (which
;    is equivalent to MAX_PATH).
;
;  - MaxQueryString specifies the maximum length of the query
;    string.  The default is 2048.
;

MaxAllowedContentLength=30000000
MaxUrl=80
MaxQueryString=75

[AllowVerbs]

;
; The verbs (aka HTTP methods) listed here are those commonly
; processed by a typical IIS server.
;
; Note that these entries are effective if "UseAllowVerbs=1"
; is set in the [Options] section above.
;

GET
HEAD
POST

[DenyVerbs]

;
; The verbs (aka HTTP methods) listed here are used for publishing
; content to an IIS server via WebDAV.
;
; Note that these entries are effective if "UseAllowVerbs=0"
; is set in the [Options] section above.
;

PROPFIND
PROPPATCH
MKCOL
DELETE
PUT
COPY
MOVE
LOCK
UNLOCK
OPTIONS
SEARCH

[DenyHeaders]

;
; The following request headers alter processing of a
; request by causing the server to process the request
; as if it were intended to be a WebDAV request, instead
; of a request to retrieve a resource.
;

Translate:
If:
Lock-Token:
Transfer-Encoding:

[AllowExtensions]

;
; Extensions listed here are commonly used on a typical IIS server.
;
; Note that these entries are effective if "UseAllowExtensions=1"
; is set in the [Options] section above.
;

.htm
.html
.txt
.jpg
.jpeg
.gif

[DenyExtensions]

;
; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
; generally not intended to be served out.
;
; Note that these entries are effective if "UseAllowExtensions=0"
; is set in the [Options] section above.
;
; Also note that ASP scripts are denied with the below
; settings.  If you wish to enable ASP, remove the
; following extensions from this list:
;    .asp
;    .cer
;    .cdx
;    .asa
;

; Deny ASP requests

.cer
.cdx
.asa

; Deny executables that could run on the server
.exe
.bat
.cmd
.com

; Deny infrequently used scripts
.htw    ; Maps to webhits.dll, part of Index Server
.ida    ; Maps to idq.dll, part of Index Server
.idq    ; Maps to idq.dll, part of Index Server
.htr    ; Maps to ism.dll, a legacy administrative tool
.idc    ; Maps to httpodbc.dll, a legacy database access tool
.shtm    ; Maps to ssinc.dll, for Server Side Includes
.shtml  ; Maps to ssinc.dll, for Server Side Includes
.stm    ; Maps to ssinc.dll, for Server Side Includes
.printer ; Maps to msw3prt.dll, for Internet Printing Services

; Deny various static files
.ini    ; Configuration files
.log    ; Log files
.pol    ; Policy files
.dat    ; Configuration files

[DenyUrlSequences]
..  ; Don't allow directory traversals
./  ; Don't allow trailing dot on a directory name
\  ; Don't allow backslashes in URL
:  ; Don't allow alternate stream access
%  ; Don't allow escaping after normalization
&  ; Don't allow multiple CGI processes to run on a single request
@
declare
select

Re: Help! Hit by http://cn.daxia123.cn/cn.js: an intrusion, or a virus or attack

Hope this helps.

Re: Help! Hit by http://cn.daxia123.cn/cn.js: an intrusion, or a virus or attack

Which version is that?

Re: Help! Hit by http://cn.daxia123.cn/cn.js: an intrusion, or a virus or attack

I'm looking for a solution too.

Re: Help! Hit by http://cn.daxia123.cn/cn.js: an intrusion, or a virus or attack

[This user's post has been blocked.]

Re: Help! Hit by http://cn.daxia123.cn/cn.js: an intrusion, or a virus or attack

UPDATE TABLENAME set COLNAME= REPLACE(convert(varchar(8000),COLNAME),'muma.js','')

MS SQL's NTEXT type does not support REPLACE; it has to be converted to VARCHAR || NVARCHAR.
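
Added example, not part of the reply above or of any poster's code: a more careful form of that cleanup for SQL Server 2005 or later, which checks what will be touched first and casts to nvarchar(max), because CONVERT(varchar(8000), ...) cuts off longer content. TABLENAME, COLNAME and 'muma.js' are the reply's placeholders; the id column is hypothetical.

```sql
-- Added example (not from the thread). TABLENAME, COLNAME and 'muma.js' are
-- the reply's placeholders; the id column and SQL Server 2005+ are assumptions.

-- 1. Count the rows that contain the injected string before changing anything.
SELECT COUNT(*) AS affected_rows
FROM TABLENAME
WHERE COLNAME LIKE N'%muma.js%';

-- 2. List affected rows that are too long for varchar(8000).
--    DATALENGTH on NTEXT returns bytes (2 per character), so more than
--    16000 bytes means more than 8000 characters, which cannot fit and would
--    be cut off by the conversion (double-byte text reaches the limit sooner).
SELECT id, DATALENGTH(COLNAME) / 2 AS char_count
FROM TABLENAME
WHERE COLNAME LIKE N'%muma.js%'
  AND DATALENGTH(COLNAME) > 16000;

-- 3. Clean inside a transaction, casting to nvarchar(max) so that long or
--    non-ASCII content is kept intact.
BEGIN TRANSACTION;

UPDATE TABLENAME
SET COLNAME = REPLACE(CAST(COLNAME AS nvarchar(max)), N'muma.js', N'')
WHERE COLNAME LIKE N'%muma.js%';

-- 4. Verify: this should return 0 before the transaction is committed.
SELECT COUNT(*) AS remaining_rows
FROM TABLENAME
WHERE COLNAME LIKE N'%muma.js%';

COMMIT TRANSACTION;   -- or ROLLBACK TRANSACTION if remaining_rows is not 0
```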

Re: Help! Hit by http://cn.daxia123.cn/cn.js: an intrusion, or a virus or attack

Quote:
Originally posted by 岩盐115 on 2009-1-11 17:00:00
My urlscan.ini settings look like this:
[options]

UseAllowVerbs=1                ; If 1, use [AllowVerbs] section, else use the
                              ; [DenyVerbs] section.

UseAllowExtensions=0 ......




How do I use this code? Could you explain it in more detail? Thank you very much!